AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 133

A financial trading company is using Amazon EC2 instances to run its trading platform. Part of the company's trading platform includes a third-party pricing service that the EC2 instances communicate with over UDP on port 50000.

Recently, the company has had problems with the pricing service. Some of the responses from the pricing service appear to be incorrectly formatted and are not being processed successfully. The third-party vendor requests access to the data that the pricing service is returning. The third-party vendor wants to capture request and response data for debugging by logging in to an EC2 instance that accesses the pricing service. The company prohibits direct access to production systems and requires all log analysis to be performed in a dedicated monitoring account.

Which set of steps should a network engineer take to capture the data and meet these requirements?

Answer options

• A. 1. Configure VPC flow logs to capture the data that flows in the VPC. 2. Send the data to an Amazon S3 bucket. 3. In the monitoring account, extract the data that flows to the EC2 instance's IP address and filter the traffic for the UDP data. 4. Provide the data to the third-party vendor.
• B. 1. Configure a traffic mirror filter to capture the UDP data. 2. Configure Traffic Mirroring to capture the traffic for the EC2 instance's elastic network interface. 3. Configure a packet inspection package on a new EC2 instance in the production environment. Use the elastic network interface of the new EC2 instance as the target for the traffic mirror. 4. Extract the data by using the packet inspection package. 5. Provide the data to the third-party vendor.
• C. 1. Configure a traffic mirror filter to capture the UDP data. 2. Configure Traffic Mirroring to capture the traffic for the EC2 instance's elastic network interface. 3. Configure a packet inspection package on a new EC2 instance in the monitoring account. Use the elastic network interface of the new EC2 instance as the target for the traffic mirror. 4. Extract the data by using the packet inspection package. 5. Provide the data to the third-party vendor.
• D. 1. Create a new Amazon Elastic Block Store (Amazon EBS) volume. Attach the EBS volume to the EC2 instance. 2. Log in to the EC2 instance in the production environment. Run the tcpdump command to capture the UDP data on the EBS volume. 3. Export the data from the EBS volume to Amazon S3. 4. Provide the data to the third-party vendor.

Correct answer: C

Explanation

Option C is correct because it captures the UDP traffic using Traffic Mirroring in a dedicated monitoring account, which aligns with the company's policy of not allowing direct access to production systems. Option A does not provide direct packet capture, making it less effective for debugging. Option B captures the data in production, which violates the company's access policy. Option D relies on direct access to the EC2 instance, which is not permitted.